1. Home
  2. CVE Database
  3. CVE-2025-42940
HIGH · 7.5

CVE-2025-42940

SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an applica...

Vulnerability Description

SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an application crash, hence leading to a high impact on availability. There is no impact on confidentiality or integrity.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2025-42940?

CVE-2025-42940 is a vulnerability with a CVSS score of 7.5 (HIGH). SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an applica...

How severe is CVE-2025-42940?

CVE-2025-42940 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-42940?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.